Google Professional Cloud Network Engineer Exam Practice Test Instant Access

Question 1

You ate planning to use Terraform to deploy the Google Cloud infrastructure for your company, The design must meet the following requirements

* Each Google Cloud project must represent an Internal project that your team Will work on

* After an Internal project is finished, the infrastructure must be deleted

* Each Internal project must have Its own Google Cloud project owner to manage the Google Cloud resources.

* You have 10---100 projects deployed at a time

While you are writing the Terraform code, you need to ensure that the deployment is simple and the code is reusable With

centralized management What should you do?

ACreate a Single project and additional VPCs for each internal project

BCreate a Single Shared VPC and attach each Google Cloud project as a service project

CCreate a Single project and Single VPC for each internal project

DCreate a Shared VPC and service project for each internal project

Answer : D

The correct answer is D because it meets the following requirements:

Each internal project has its own Google Cloud project, which can be easily created and deleted by Terraform using the google_project resource1.

Each internal project has its own Google Cloud project owner, which can be assigned by Terraform using the google_project_iam_member resource1.

The deployment is simple and the code is reusable with centralized management, because the Shared VPC allows you to connect multiple service projects to a single host project that contains the network resources2.This way, you can use Terraform modules to create and manage the network resources in the host project, and then reference them in the service projects3.

Option A is incorrect because it does not create separate Google Cloud projects for each internal project, which makes it harder to delete the infrastructure and assign project owners.Option B is incorrect because it does not create separate Google Cloud projects for each internal project, and also because it attaches the service projects to a Shared VPC, which is not recommended for short-lived projects2. Option C is incorrect because it does not use a Shared VPC, which means that each internal project has to create and manage its own network resources, which increases complexity and reduces reusability.

References:

google_project - Terraform Registry

Managing infrastructure as code with Terraform, Cloud Build, and GitOps | Google Cloud

Automating your automation by Creating Google Cloud Projects Automatically

Question 2

You work for a university that is migrating to GCP.

These are the cloud requirements:

* On-premises connectivity with 10 Gbps

* Lowest latency access to the cloud

* Centralized Networking Administration Team

New departments are asking for on-premises connectivity to their projects. You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.

What should you do?

AUse Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.

BUse Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

CUse standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Interconnects.

DUse standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.

Answer : A

https://cloud.google.com/interconnect/docs/how-to/dedicated/using-interconnects-other-projects

Using Cloud Interconnect with Shared VPC You can use Shared VPC to share your VLAN attachment in a project with other VPC networks. Choosing Shared VPC is preferable if you need to create many projects and would like to prevent individual project owners from managing their connectivity back to your on-premises network. In this scenario, the host project contains a common Shared VPC network usable by VMs in service projects. Because VMs in the service projects use this network, Service Project Admins don't need to create other VLAN attachments or Cloud Routers in the service projects. In this scenario, you must create VLAN attachments and Cloud Routers for a Cloud Interconnect connection only in the Shared VPC host project. The combination of a VLAN attachment and its associated Cloud Router are unique to a given Shared VPC network. https://cloud.google.com/network-connectivity/docs/interconnect/how-to/enabling-multiple-networks-access-same-attachment#using_with

https://cloud.google.com/vpc/docs/shared-vpc

Question 3

Your company just completed the acquisition of Altostrat (a current GCP customer). Each company has a separate organization in GCP and has implemented a custom DNS solution. Each organization will retain its current domain and host names until after a full transition and architectural review is done in one year. These are the assumptions for both GCP environments.

* Each organization has enabled full connectivity between all of its projects by using Shared VPC.

* Both organizations strictly use the 10.0.0.0/8 address space for their instances, except for bastion hosts (for accessing the instances) and load balancers for serving web traffic.

* There are no prefix overlaps between the two organizations.

* Both organizations already have firewall rules that allow all inbound and outbound traffic from the 10.0.0.0/8 address space.

* Neither organization has Interconnects to their on-premises environment.

You want to integrate networking and DNS infrastructure of both organizations as quickly as possible and with minimal downtime.

Which two steps should you take? (Choose two.)

AProvision Cloud Interconnect to connect both organizations together.

BSet up some variant of DNS forwarding and zone transfers in each organization.

CConnect VPCs in both organizations using Cloud VPN together with Cloud Router.

DUse Cloud DNS to create A records of all VMs and resources across all projects in both organizations.

ECreate a third organization with a new host project, and attach all projects from your company and Altostrat to it using shared VPC.

Answer : B, C

https://cloud.google.com/dns/docs/best-practices

Question 4

You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command.

Which next hop should you choose?

AThe default internet gateway

BThe IP address of the Cloud VPN gateway

CThe name and region of the Cloud VPN tunnel

DThe IP address of the instance on the remote side of the VPN tunnel

Answer : C

When you create a route based tunnel using the Cloud Console, Classic VPN performs both of the following tasks: Sets the tunnel's local and remote traffic selectors to any IP address (0.0.0.0/0) For each range in Remote network IP ranges, Google Cloud creates a custom static route whose destination (prefix) is the range's CIDR, and whose next hop is the tunnel. https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-static-vpns

Question 5

One instance in your VPC is configured to run with a private IP address only. You want to ensure that even if this instance is deleted, its current private IP address will not be automatically assigned to a different instance.

In the GCP Console, what should you do?

AAssign a public IP address to the instance.

BAssign a new reserved internal IP address to the instance.

CChange the instance's current internal IP address to static.

DAdd custom metadata to the instance with key internal-address and value reserved.

Answer : C

https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address#reservenewip Since here https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address#reservenewip it is written that 'automatically allocated or an unused address from an existing subnet'.

Question 6

In your company, two departments with separate GCP projects (code-dev and data-dev) in the same organization need to allow full cross-communication between all of their virtual machines in GCP. Each department has one VPC in its project and wants full control over their network. Neither department intends to recreate its existing computing resources. You want to implement a solution that minimizes cost.

Which two steps should you take? (Choose two.)

AConnect both projects using Cloud VPN.

BConnect the VPCs in project code-dev and data-dev using VPC Network Peering.

CEnable Shared VPC in one project (e. g., code-dev), and make the second project (e. g., data-dev) a service project.

DEnable firewall rules to allow all ingress traffic from all subnets of project code-dev to all instances in project data-dev, and vice versa.

ECreate a route in the code-dev project to the destination prefixes in project data-dev and use nexthop as the default gateway, and vice versa.

Answer : B, D

Question 7

You are configuring a new HTTP application that will be exposed externally behind both IPv4 and IPv6 virtual IP addresses, using ports 80, 8080, and 443. You will have backends in two regions: us-west1 and us-east1. You want to serve the content with the lowest-possible latency while ensuring high availability and autoscaling, and create native content-based rules using the HTTP hostname and request path. The IP addresses of the clients that connect to the load balancer need to be visible to the backends. Which configuration should you use?

AUse Network Load Balancing

BUse TCP Proxy Load Balancing with PROXY protocol enabled

CUse External HTTP(S) Load Balancing with URL Maps and custom headers

DUse External HTTP(S) Load Balancing with URL Maps and an X-Forwarded-For header

Answer : D